matrixtest-IaC/securitygroups.tf


# Data sources for existing groups
# Datasource of sunet ssh-from-jumphost security group.
data "openstack_networking_secgroup_v2" "sshfromjumphosts" {
  # Looked up by name only. The group and its rules are managed outside this
  # file, so what it actually permits should be checked at the source.
  name = "ssh-from-jumphost"
}
data "openstack_networking_secgroup_v2" "allegress" {
  # Existing group resolved by name; its rules are not defined in this file.
  # NOTE(review): the name suggests it permits all outbound traffic - confirm
  # before attaching it alongside the restrictive kubenode group.
  name = "allegress"
}
# Resources to define new security groups
# Security group for the Kubernetes nodes; its rules only allow traffic between members of the group
resource "openstack_networking_secgroup_v2" "kubenode" {
  name        = "kubenode"
  description = "Securitygroup for microk8s nodes"

  # Drop the rules OpenStack adds to every new group, so the group permits
  # only what the openstack_networking_secgroup_rule_v2 resources in this
  # file grant explicitly.
  delete_default_rules = true
}
resource "openstack_networking_secgroup_rule_v2" "kubeingressv4" {
  # Rule is attached to the kubenode group ...
  security_group_id = openstack_networking_secgroup_v2.kubenode.id

  # ... and admits inbound IPv4 only from peers that are members of that same
  # group. No protocol or port range is set, so every protocol and port is
  # covered for those peers.
  direction       = "ingress"
  ethertype       = "IPv4"
  remote_group_id = openstack_networking_secgroup_v2.kubenode.id
}
resource "openstack_networking_secgroup_rule_v2" "kubeingressv6" {
  # Rule is attached to the kubenode group ...
  security_group_id = openstack_networking_secgroup_v2.kubenode.id

  # ... and admits inbound IPv6 only from peers that are members of that same
  # group. No protocol or port range is set, so every protocol and port is
  # covered for those peers.
  direction       = "ingress"
  ethertype       = "IPv6"
  remote_group_id = openstack_networking_secgroup_v2.kubenode.id
}
resource "openstack_networking_secgroup_rule_v2" "kubeegressv4" {
  # Rule is attached to the kubenode group ...
  security_group_id = openstack_networking_secgroup_v2.kubenode.id

  # ... and permits outbound IPv4 only towards members of that same group,
  # on any protocol and port. With the default rules deleted on kubenode,
  # this group grants no other IPv4 egress; anything wider has to come from
  # another group attached to the instance (attachment is not shown here).
  direction       = "egress"
  ethertype       = "IPv4"
  remote_group_id = openstack_networking_secgroup_v2.kubenode.id
}
resource "openstack_networking_secgroup_rule_v2" "kubeegressv6" {
  # Rule is attached to the kubenode group ...
  security_group_id = openstack_networking_secgroup_v2.kubenode.id

  # ... and permits outbound IPv6 only towards members of that same group,
  # on any protocol and port. With the default rules deleted on kubenode,
  # this group grants no other IPv6 egress; anything wider has to come from
  # another group attached to the instance (attachment is not shown here).
  direction       = "egress"
  ethertype       = "IPv6"
  remote_group_id = openstack_networking_secgroup_v2.kubenode.id
}